Faults exposed in Windows XP SP2

German researchers have exposed security flaws in Windows XP Service Pack 2, which was released last week to patch security holes experienced by companies.

The researchers claim that damaging code could bypass XP's new security procedures via the "drag and drop" feature in Internet Explorer.

This, they say, is because there is insufficient validation of drag-and-drop functions from the Internet zone to local resources.

However, Microsoft believes that this kind of sabotage would be difficult to carry out because a hacker would have to entice the user to visit a particular website and then encourage them to drag and drop this bad code into a specific location inside the site.

Another problem has been discovered with Windows XP SP2, relating to those using Microsoft's Software Update Services (SUS). This is a free Windows server add-on that runs behind the corporate firewall.

It allows companies to create a centralised internal staging area and programme the distribution of patches after they have been tested and approved, instead of downloading patches from Microsoft to desktops.

This method is meant to be unnoticeable and to require no end-user intervention, but users have found that this is not the case.

Users had to wait for a user login and prompt to start the SP2 Wizard. This means that when a patch is run overnight, users who arrive at work the next morning are faced with the option of cancelling or installing the patch.

If they cancel, then they are not patched, but if they choose to install, they cannot use their computer for 30 minutes whilst the patch is installed.

Users are upset that this function does not work automatically without any interruptions.
